Red Balloon Security & AFRL CTF
DEF CON 27, 2019


Congratulations to First Lt. Evan Richter, winner of the first AFRL - Red Balloon Security CTF at DEF CON 27!

A huge thank you to everyone who participated, and of course to our friends at AFRL for your hard work and assistance in making this happen. We can’t wait to push the boundaries even further next year!



Secure the asset from the Cerberus shipment.


The container is defended by an elite team of operators highly trained in the remote defense of secure facilities. All angles of approach are monitored by cameras, and the container itself is protected by ROOKS remote turrets. The operators have orders to fire on anyone who approaches the container.


Two weeks ago, our agents managed to capture a similar container and downloaded the firmware binaries for the cameras and the ROOKS units before the unit self-destructed. We hope that when you analyze the data, you will find some weakness you can exploit to get past the cameras and turrets. Remember, many members of the Both Ann cell died to bring you this opportunity.

If you accept this mission, initiate Stage 1.

STAGE 1: Defeat Video Surveillance



The target area is monitored by a remote camera system. In order to avoid detection while infiltrating the container, you will need to look for vulnerabilities that you can exploit, and create an attack to loop the footage.

We have positively identified the cameras as modified Xiaomi Yi Outdoor Security Cameras.


  • Exploit Security Camera
  • Loop Footage

To ensure agent safety, we will need to check your work. Our agents will provide more information on verification as you complete this task.

STAGE 2: Defeat Sentry Turret



The container is further protected by an armed ROOKS sentry turret. The ROOKS turret is Cerberus’s knockoff of the US military-spec CROWS turret. It comes equipped with a recoilless missile launcher firing 12mm depleted-polyurethane kinetic impact flechettes.

You will look for vulnerabilities you can exploit, and create an attack to disable the turret—without the operators knowing. If they realize they’ve been hacked, they will remotely self-destruct the facility. Good luck, and don’t get shot.


  • Disable Sentry Turret
  • Avoid Detection

In the interest of not getting shot, we want to verify your work on this stage as well. Our agents will provide more information as it becomes available.

STAGE 3: Infiltrate the Container



After submitting your solutions for Stage 1 and Stage 2, you will meet with our undercover agents in Las Vegas. They will be in the El Dorado ballroom in the Flamingo Casino, posing as representatives of the USAF and Red Balloon Security.

You will be rewarded for your efforts thus far, but your trials will have only just begun.

If we determine that you are ready to face the gauntlet, you will be provided with everything you need to prepare for the assault. If any new security systems have been identified, you will be given a briefing on them.

Once you are ready, agents will lead you to the location of the container. Motivational music will be played. Be careful! If the defenders see you or determine that the turret is disabled before they try to shoot you, they can remotely lock down the container. You will have limited time to obtain the asset.


  • Clandestinely Meet With Our Agents
  • Infiltrate Container and Recover the Asset